Total: 29607 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-12357 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-10 | 4.3 Medium |
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-25150 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-12-10 | 4.3 Medium |
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. | ||||
CVE-2022-42834 | 1 Apple | 1 Macos | 2024-12-10 | 3.3 Low |
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression. | ||||
CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 9.1 Critical |
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | ||||
CVE-2023-28956 | 2 Ibm, Microsoft | 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows | 2024-12-09 | 8.4 High |
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | ||||
CVE-2023-5102 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 5.3 Medium |
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | ||||
CVE-2023-43697 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 6.5 Medium |
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | ||||
CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | 9.8 Critical |
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | ||||
CVE-2022-45287 | 1 Temenos | 1 Cwx | 2024-12-06 | 8.8 High |
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | ||||
CVE-2023-28094 | 1 Pega | 1 Pega Platform | 2024-12-06 | 8.1 High |
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | ||||
CVE-2024-49580 | 1 Jetbrains | 1 Ktor | 2024-12-06 | 5.3 Medium |
In JetBrains Ktor before 2.3.13, improper caching in the HttpCache Plugin could lead to response information disclosure. | ||||
CVE-2023-34673 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | 6.5 Medium |
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. | ||||
CVE-2023-34671 | 1 Elenos | 2 Etg150 Fm, Etg150 Fm Firmware | 2024-12-05 | 8.8 High |
Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases. | ||||
CVE-2023-27197 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-05 | 6.7 Medium |
PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
CVE-2023-21172 | 1 Google | 1 Android | 2024-12-05 | 7.8 High |
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243015. | ||||
CVE-2021-31635 | 1 Jfinal | 1 Jfinal | 2024-12-05 | 9.8 Critical |
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | ||||
CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). | ||||
CVE-2023-34672 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-12-05 | 8.8 High |
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | ||||
CVE-2021-30205 | 1 Dzzoffice | 1 Dzzoffice | 2024-12-05 | 5.3 Medium |
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | ||||
CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-12-04 | 7.1 High |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. |